CVE-2024-9464
Published: 09 October 2024
Summary
CVE-2024-9464 is a critical-severity OS Command Injection (CWE-78) vulnerability in Palo Alto Networks Expedition. Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-9464 is an OS command injection vulnerability, tracked as CWE-78, that affects Palo Alto Networks Expedition. It received a CVSS 4.0 score of 9.3 and was published on 2024-10-09. The flaw permits execution of arbitrary operating system commands with root privileges on the Expedition host.
An authenticated attacker with network access can exploit the issue without user interaction to run commands as root. This grants access to usernames, cleartext passwords, PAN-OS device configurations, and device API keys stored or managed by Expedition.
Palo Alto Networks has published an advisory at https://security.paloaltonetworks.com/PAN-SA-2024-0010 that addresses the vulnerability, while additional technical analysis appears at https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/. The current EPSS score stands at 0.8531 with a recorded peak of 0.8773.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49956
Vulnerability details
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.